On Thu, Mar 20, 2003, Artur Pydo wrote:
> I can see the same segmentation fault :
>
> FreeBSD 4.8-STABLE
> Apache 1.3.27
> Openssl 0.9.7a
> Modssl 2.8.13
> PHP 4.3.1 / PHP 4.3.2RC1 / PHP 4.3.2-snapshot
>
> It happens both with static compilation and as DSO.
>
> The backtrace seems pointing out an error in
> ssl_var_lookup_ssl_cert().
>
> This problem only appears with PHP compiled in and
> asking for a .php document. I mean asking for a html
> document works fine.
>
> Backtrace (sorry for the formatting) :
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x283a6e9a in ssl_var_lookup_ssl_cert () from
> /usr/local/apache/libexec/libssl.so
> (gdb) bt
> #0 0x283a6e9a in ssl_var_lookup_ssl_cert () from
> /usr/local/apache/libexec/libssl.so
> #1 0x283a6d49 in ssl_var_lookup_ssl () from
> /usr/local/apache/libexec/libssl.so
> #2 0x283a6291 in ssl_var_lookup () from /usr/local/apache/libexec/libssl.so
> #3 0x283a11c8 in ssl_hook_Fixup () from /usr/local/apache/libexec/libssl.so
> #4 0x805472b in run_method (r=0x815d034, offset=29, run_all=1) at
> http_config.c:370
> #5 0x805480a in ap_run_fixups (r=0x815d034) at http_config.c:397
> #6 0x806a7cc in process_request_internal (r=0x815d034) at
> http_request.c:1303
> #7 0x806a866 in ap_process_request (r=0x815d034) at http_request.c:1324
> #8 0x80610eb in child_main (child_num_arg=0) at http_main.c:4689
> #9 0x80612cd in make_child (s=0x80b0034, slot=0, now=1048177481) at
> http_main.c:4813
> #10 0x8061446 in startup_children (number_to_start=5) at http_main.c:4895
> #11 0x8061a74 in standalone_main (argc=5, argv=0xbfbffb04) at
> http_main.c:5203
> #12 0x80622f0 in main (argc=5, argv=0xbfbffb04) at http_main.c:5566
> #13 0x804f4b1 in _start ()
Hmmm... I've in-depth looked at the changes to ssl_engine_vars.c
and they all look correct:
Index: ssl_engine_vars.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_vars.c,v
retrieving revision 1.51
retrieving revision 1.53
diff -u -d -u -3 -r1.51 -r1.53
--- ssl_engine_vars.c 29 Jun 2002 07:42:51 -0000 1.51
+++ ssl_engine_vars.c 29 Oct 2002 13:00:46 -0000 1.53
@@ -314,12 +314,16 @@
result = ssl_var_lookup_ssl_cert_verify(p, c);
}
else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
- if ((xs = SSL_get_peer_certificate(ssl)) != NULL)
+ if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
result = ssl_var_lookup_ssl_cert(p, xs, var+7);
+ X509_free(xs);
+ }
}
else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
- if ((xs = SSL_get_certificate(ssl)) != NULL)
+ if ((xs = SSL_get_certificate(ssl)) != NULL) {
result = ssl_var_lookup_ssl_cert(p, xs, var+7);
+ X509_free(xs);
+ }
}
return result;
}
@@ -352,7 +356,7 @@
xsname = X509_get_subject_name(xs);
cp = X509_NAME_oneline(xsname, NULL, 0);
result = ap_pstrdup(p, cp);
- free(cp);
+ OPENSSL_free(cp);
resdup = FALSE;
}
else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
@@ -364,7 +368,7 @@
xsname = X509_get_issuer_name(xs);
cp = X509_NAME_oneline(xsname, NULL, 0);
result = ap_pstrdup(p, cp);
- free(cp);
+ OPENSSL_free(cp);
resdup = FALSE;
}
else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
@@ -543,6 +547,10 @@
else
/* client verification failed */
result = ap_psprintf(p, "FAILED:%s", verr);
+
+ if (xs != NULL)
+ X509_free(xs);
+
return result;
}
Additionally, I still cannot reproduce the problem myself. So, can you
help me here by using a breakpoint at ssl_var_lookup_ssl_cert() and the
single-stepping until the problem occurs? This would help us in really
locating the problem.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
